Role-Based Access
Define an "editor" role that can read, create, and update posts and comments.
Policy
```json
{
  "version": "2024-01-01",
  "statement": [
    {
      "sid": "EditorAccess",
      "effect": "Allow",
      "action": ["collections:read", "collections:create", "collections:update"],
      "resource": ["posts", "comments"]
    }
  ]
}
```
Setup
- Register `posts` and `comments` as managed collections
- Create the policy above
- Create a role called "editor" in `iam_roles`
- Attach the policy to the "editor" role via `iam_role_policies`
- Assign the "editor" role to users via `iam_user_roles`
Any user with the "editor" role can now read, create, and update posts and comments. Deleting is implicitly denied.
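The following sketch is an added example, not code from this project. It walks the user, role and policy chain from Setup and shows the implicit deny. The in-memory row shapes, the names `editor-policy`, `alice` and `bob`, the action string `collections:delete`, the `users` collection, and exact-match evaluation are all assumptions.

```python
import json

# Policy document copied from the page.
POLICY = json.loads("""
{
  "version": "2024-01-01",
  "statement": [
    {
      "sid": "EditorAccess",
      "effect": "Allow",
      "action": ["collections:read", "collections:create", "collections:update"],
      "resource": ["posts", "comments"]
    }
  ]
}
""")

# Constructed stand-ins for the tables named in Setup (shapes are assumed).
POLICIES = {"editor-policy": POLICY}
IAM_ROLE_POLICIES = {"editor": ["editor-policy"]}
IAM_USER_ROLES = {"alice": ["editor"], "bob": []}


def is_allowed(user, action, resource):
    """Return the sid of the first matching Allow statement, else None.

    Assumed semantics: exact string match on action and resource;
    anything that no statement allows is denied.
    """
    for role in IAM_USER_ROLES.get(user, []):
        for policy_name in IAM_ROLE_POLICIES.get(role, []):
            for stmt in POLICIES[policy_name]["statement"]:
                if (stmt["effect"] == "Allow"
                        and action in stmt["action"]
                        and resource in stmt["resource"]):
                    return stmt["sid"]
    return None  # implicit deny


def access_matrix(user, actions, resources):
    """Map each (action, resource) pair to True/False for one user."""
    return {(a, r): is_allowed(user, a, r) is not None
            for a in actions for r in resources}


if __name__ == "__main__":
    acts = ["collections:read", "collections:update", "collections:delete"]
    for pair, ok in access_matrix("alice", acts, ["posts", "users"]).items():
        print(pair, "ALLOW" if ok else "DENY")
```

A matrix like this, run over every role after a policy change, makes it easy to spot a grant that was wider than intended.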